Python: Modernise bottle library

Author: RasmusWL

python/ql/src/semmle/python/web/bottle/General.qll

@@ -3,12 +3,12 @@ import semmle.python.web.Http
 import semmle.python.types.Extensions
 
 /** The bottle module */
-ModuleObject theBottleModule() {
-    result = ModuleObject::named("bottle")
+ModuleValue theBottleModule() {
+    result = Module::named("bottle")
 }
 
 /** The bottle.Bottle class */
-ClassObject theBottleClass() {
+ClassValue theBottleClass() {
     result = theBottleModule().attr("Bottle")
 }
 
@@ -17,8 +17,8 @@ ClassObject theBottleClass() {
  */
 predicate bottle_route(CallNode route_call, ControlFlowNode route, Function func) {
     exists(CallNode decorator_call, string name |
-        route_call.getFunction().(AttrNode).getObject(name).refersTo(_, theBottleClass(), _) or
-        route_call.getFunction().refersTo(theBottleModule().attr(name))
+        route_call.getFunction().(AttrNode).getObject(name).pointsTo().getClass() = theBottleClass() or
+        route_call.getFunction().pointsTo(theBottleModule().attr(name))
         |
         (name = "route" or name = httpVerbLower()) and
         decorator_call.getFunction() = route_call and

python/ql/src/semmle/python/web/bottle/Redirect.qll

@@ -8,7 +8,7 @@ import semmle.python.security.TaintTracking
 import semmle.python.security.strings.Basic
 import semmle.python.web.bottle.General
 
-FunctionObject bottle_redirect() {
+FunctionValue bottle_redirect() {
     result = theBottleModule().attr("redirect")
 }
 

python/ql/src/semmle/python/web/bottle/Request.qll

@@ -6,7 +6,7 @@ import semmle.python.security.strings.Untrusted
 import semmle.python.web.Http
 import semmle.python.web.bottle.General
 
-private Object theBottleRequestObject() {
+private Value theBottleRequestObject() {
     result = theBottleModule().attr("request")
 }
 
@@ -32,7 +32,7 @@ class BottleRequestKind extends TaintKind {
 private class RequestSource extends TaintSource {
 
     RequestSource() {
-        this.(ControlFlowNode).refersTo(theBottleRequestObject())
+        this.(ControlFlowNode).pointsTo(theBottleRequestObject())
     }
 
     override predicate isSourceOf(TaintKind kind) {

python/ql/src/semmle/python/web/bottle/Response.qll

@@ -18,7 +18,7 @@ class BottleResponse extends TaintKind {
 
 }
 
-private Object theBottleResponseObject() {
+private Value theBottleResponseObject() {
     result = theBottleModule().attr("response")
 }
 
@@ -27,7 +27,7 @@ class BottleResponseBodyAssignment extends HttpResponseTaintSink {
     BottleResponseBodyAssignment() {
         exists(DefinitionNode lhs |
             lhs.getValue() = this and
-            lhs.(AttrNode).getObject("body").refersTo(theBottleResponseObject())
+            lhs.(AttrNode).getObject("body").pointsTo(theBottleResponseObject())
         )
     }
 

python/ql/test/library-tests/web/bottle/Sources.expected

@@ -1,7 +1,5 @@
 | ../../../query-tests/Security/lib/bottle.py:64 | LocalRequest() | bottle.request |
-| ../../../query-tests/Security/lib/bottle.py:64 | request | bottle.request |
 | test.py:3 | ImportMember | bottle.request |
-| test.py:3 | request | bottle.request |
 | test.py:8 | name | externally controlled string |
 | test.py:12 | name | externally controlled string |
 | test.py:18 | request | bottle.request |

python/ql/test/library-tests/web/bottle/Taint.expected

@@ -1,8 +1,6 @@
 | ../../../query-tests/Security/lib/bottle.py:64 | LocalRequest() | bottle.request |
-| ../../../query-tests/Security/lib/bottle.py:64 | request | bottle.request |
 | ../../../query-tests/Security/lib/bottle.py:68 | url | externally controlled string |
 | test.py:3 | ImportMember | bottle.request |
-| test.py:3 | request | bottle.request |
 | test.py:8 | name | externally controlled string |
 | test.py:9 | BinaryExpr | externally controlled string |
 | test.py:9 | name | externally controlled string |

python/ql/test/query-tests/Security/lib/bottle.py

@@ -67,4 +67,3 @@ class LocalResponse(LocalProxy):
 
 def redirect(url, code=None):
     pass
-